With the identity assertion
authentication method, the
security token generates a <wsse:UsernameToken> element that
contains a <wsse:Username> element. On the request sender side,
a callback handler is invoked to generate the security token. On the
request receiver side, the security token is validated. Unlike BasicAuth
authentication, trust is established through the use of a security
token rather than through user name and password validation.
Before you begin
Important: There
is an important distinction between
Version 5.x and Version 6.0.x and later applications.
The information in this article supports Version 5.x applications
only that are used with WebSphere® Application Server
Version 6.0.x and later. The information does not apply to
Version 6.0.x and later applications.
WebSphere Application
Server provides several different methods to secure your web services.
Identity assertion authentication is one of these methods. You might
also secure your web services using any of the following methods:
- XML digital signature
- XML encryption
- BasicAuth authentication
- Identity assertion
authentication
- Signature authentication
- Pluggable
token
About this task
To use identity assertion authentication
to secure web services,
complete the following tasks:
Procedure
- Secure the
client for identity assertion authentication.
-
Configuring the client for identity assertion: specifying the method
- Configuring the client for identity assertion: collecting the authentication method
- Secure
the server for identity assertion authentication.
- Configuring the server to handle identity assertion authentication
- Configuring the server to validate identity assertion authentication information
Results
After
completing these steps, you have secured your web services
by using identity assertion authentication.